
1 Standards Certification Education & Training Publishing Conferences & Exhibits
ISA99 - Industrial Automation and Control Systems Security Committee
Summary and Activity Update
September 2016
Copyright © ISA, All Rights reserved

2 Purpose
Introduce the ISA99 committee and the ISA/IEC 62443 series of standards on Industrial Automation and Control Systems Security.

3 Topics
–Who are we?
–How do we work?
–What are the basics?
–What are our work products?
–Where do things stand?

4 Who are we?

5 ISA99 Committee
The International Society of Automation (ISA) Committee on Security for Industrial Automation & Control Systems (ISA99)
–500+ members
–Representing companies across all sectors, including:
–Chemical Processing
–Petroleum Refining
–Food and Beverage
–Energy
–Pharmaceuticals
–Water
–Manufacturing

6 Our Scope
“… industrial automation and control systems whose compromise could result in any or all of the following situations:
–endangerment of public or employee safety
–environmental protection
–loss of public confidence
–violation of regulatory requirements
–loss of proprietary or confidential information
–economic loss
–impact on entity, local, state, or national security”

7 How Do We Work?

8 ISA99 and ISA/IEC 62443
ISA/IEC 62443 is a series of standards being developed by two groups:
–ISA99 → ANSI/ISA-62443
–IEC TC65/WG10 → IEC 62443
In consultation with:
–ISO/IEC JTC1/SC27 → ISO/IEC 2700x

9 Other Partners for Related Topics
Partners surrounding IACS Security:
–Process Safety (ISA84, IEC TC65)
–Wireless Communications (ISA100)
–Certification (ISCI)
–Communications & Advocacy (Automation Federation)
–Security Framework (NIST)
–International Reach (IEC/ISO)

10 The Basics
–General Concepts
–Fundamental Concepts

11 General Concepts
–Security Context
–Security Objectives
–Least Privilege
–Defense in Depth
–Threat-Risk Assessment
–Policies and Procedures
–Supply Chain Security
Source: ISA-62443-1-1, 2nd Edition (under development)

12 Fundamental Concepts
–Security Life Cycles
–Zones and Conduits
–Security Levels
–Foundational Requirements
–Program Maturity
–Security and Safety
Source: ISA-62443-1-1, 2nd Edition (under development)

13 Related Life Cycles
[Diagram, based on VDI 2182: three roles and their life-cycle phases, with the security deliverables that pass between them]
–Product Supplier: Product Development → provides Security Documentation
–System Integrator: Integration / Commissioning → provides Security Guidelines
–Asset Owner: Operation & Maintenance → feeds back Security Support Requirements

14 Integrated Life Cycle

15 Zones and Conduits
A network & system segmentation technique that:
–Contains an incident so it cannot spread freely between zones
–Provides a front-line set of defenses at each zone boundary
–Forms the basis for risk assessment in system design

16 System Segmentation
A process to understand:
–How different systems interact
–Where information flows between systems
–What form that information takes
–What devices communicate
–How fast/often those devices communicate
–The security differences between system components
Technology helps, but architecture is more important
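As an added illustration of the zones-and-conduits model on the two preceding slides (example code written for this transcript; it is not part of the ISA99 presentation or of the 62443 standards): zones are defined as address ranges, conduits as the permitted (source zone, destination zone, protocol, port) tuples between them, and constructed flow records are checked against that model. Cross-zone flows with no defined conduit are reported, and per-conduit counts give a first answer to "how often do those devices communicate". The zone CIDRs, the conduit list and the flow records are all hypothetical.

```python
"""Zone/conduit consistency check over flow records (added example, constructed data)."""
import ipaddress
from collections import Counter

# Hypothetical zones: name -> CIDR prefixes assigned to that zone.
ZONES = {
    "enterprise": ["10.0.0.0/16"],
    "dmz": ["10.1.0.0/24"],
    "supervisory": ["192.168.10.0/24"],   # HMIs, site historian
    "control": ["192.168.20.0/24"],       # PLCs, RTUs
}

# Hypothetical conduits: the only cross-zone flows the architecture permits.
# Each entry is (src_zone, dst_zone, protocol, dst_port).
CONDUITS = {
    ("enterprise", "dmz", "tcp", 443),       # users read replicated data via DMZ
    ("dmz", "supervisory", "tcp", 1433),     # DMZ historian replicates from site historian
    ("supervisory", "control", "tcp", 502),  # HMIs poll PLCs over Modbus/TCP
}

# Constructed flow records: "timestamp,src,dst,proto,dport"; text after '#' is a comment.
SAMPLE_FLOWS = """
1000,10.0.5.7,10.1.0.10,tcp,443             # enterprise -> dmz, permitted conduit
1001,192.168.10.5,192.168.20.11,tcp,502     # supervisory -> control, permitted conduit
1002,10.0.5.7,192.168.20.11,tcp,502         # enterprise -> control, no conduit defined
1003,192.168.20.11,192.168.20.12,udp,2222   # intra-zone traffic inside control
1004,192.168.10.5,192.168.20.11,tcp,44818   # supervisory -> control on a port not in any conduit
1005,10.0.9.9,10.1.0.10,tcp,443             # enterprise -> dmz, permitted conduit
"""

_ZONE_NETS = [(ipaddress.ip_network(cidr), name)
              for name, cidrs in ZONES.items() for cidr in cidrs]


def zone_of(ip):
    """Map an address to its zone; anything outside the defined ranges is 'unassigned'."""
    addr = ipaddress.ip_address(ip)
    for net, name in _ZONE_NETS:
        if addr in net:
            return name
    return "unassigned"


def parse_flows(text):
    """Parse flow lines into dicts, ignoring blank lines and '#' comments."""
    flows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ts, src, dst, proto, dport = [f.strip() for f in line.split(",")]
        flows.append({"ts": float(ts), "src": src, "dst": dst,
                      "proto": proto.lower(), "dport": int(dport)})
    return flows


def classify_flows(flows):
    """Return (violations, conduit_counts).

    violations: list of (src_zone, dst_zone, flow) for cross-zone flows with no conduit.
    conduit_counts: Counter of how many flows used each defined conduit.
    Intra-zone flows are skipped: they are governed by the zone, not by a conduit.
    """
    violations = []
    counts = Counter()
    for f in flows:
        src_zone, dst_zone = zone_of(f["src"]), zone_of(f["dst"])
        if src_zone == dst_zone:
            continue
        key = (src_zone, dst_zone, f["proto"], f["dport"])
        if key in CONDUITS:
            counts[key] += 1
        else:
            violations.append((src_zone, dst_zone, f))
    return violations, counts


if __name__ == "__main__":
    violations, counts = classify_flows(parse_flows(SAMPLE_FLOWS))
    for key, n in sorted(counts.items()):
        print(f"conduit {key}: {n} flow(s)")
    for src_zone, dst_zone, f in violations:
        print(f"NO CONDUIT: {src_zone} -> {dst_zone} "
              f"{f['src']} -> {f['dst']} {f['proto']}/{f['dport']} at t={f['ts']:.0f}")
```

In practice the flow records would come from a passive capture or switch flow export at the zone boundaries, and every reported flow is either a missing conduit definition or traffic the architecture never intended, which is exactly the distinction the segmentation slide asks the team to settle before any firewall rule is written.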

17 Example

18 Security Levels

19 Foundational Requirements
–FR 1 – Identification & authentication control
–FR 2 – Use control
–FR 3 – System integrity
–FR 4 – Data confidentiality
–FR 5 – Restricted data flow
–FR 6 – Timely response to events
–FR 7 – Resource availability

20 Program Maturity
A means of assessing capability
Similar in concept to Capability Maturity Models
–e.g., SEI-CMM
An evolving concept in the standards
–Applicability to IACS-SMS

21 Security and Safety
Safety is much of the reason for security
–Presenting consequences
Much to be learned from the Security community
Collaboration
–ISA99-ISA84 joint effort
–IEC TC65 work group 20
–ISA Safety and Security Division

22 Work Products

23 The ISA-62443/IEC 62443 Series

24 General Information
–62443-1-1 – Concepts and Models
–TR62443-1-2 – Master Glossary
–TR62443-1-3 – Metrics
–TR62443-1-4 – Lifecycle & Use Cases

25 Policies and Procedures
–62443-2-1 – Security Management System
–TR62443-2-2 – Implementation Guidance
–TR62443-2-3 – Patch Management
–62443-2-4 – Requirements for Suppliers

26 System Requirements
–62443-3-1 – Security Technologies
–62443-3-2 – Risk Assessment and Design
–62443-3-3 – System Requirements

27 Component Requirements
–62443-4-1 – Product Development
–62443-4-2 – Technical Component Security

28 What is Happening

29 Recent Developments
TR62443-1-3
–Development suspended
TR62443-2-3
–Published in July 2015
62443-2-4
–Published by IEC
–Proposed adoption by ISA

30 Recent Developments
62443-3-2
–Under revision; CDV planned by EOY 2016
62443-4-1
–Approved by ISA and IEC
–Final standard pending

31 Current Areas of Activity
62443-1-1 (2nd Edition)
–Draft for comment by EOY 2016
62443-2-1 (2nd Edition)
–Alignment with ISO 27001:2013
62443-3-2
–Risk assessment & system design
62443-4-1
–Detailed requirements for product development
62443-4-2
–Detailed requirements for components

32 Review
–Who are we?
–How do we work?
–What are the basics?
–What are our work products?
–Where do things stand?

33 Conclusion

34 ISA99
Wiki: http://isa99.isa.org
Twitter: @ISA99Chair
Committee Co-Chairs: isa99chair@gmail.com
–Eric Cosman
–Jim Gilsinn
Managing Director
–Joe Weiss
ISA Staff Contact
–Eliana Brazda, ebrazda@isa.org
Please provide contact information & area of expertise or interest
Questions, Comments, Contributions…

35 Questions

36 Document Description
Title and Description: ISA99 Committee Overview
Ownership: ISA99 Leadership
Last Revised: September 2016
Revision: 10
Master Copy: This document is located on the committee collaboration site, in the Information folder
Copy control: Only the master copy will be maintained. Any other copies or previous revisions are considered obsolete at the time of copy.
Comments:

